Diffstat (limited to 'test/x509_test.c')
-rw-r--r-- | test/x509_test.c | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/test/x509_test.c b/test/x509_test.c
index f5a67c63d9..3996d5010d 100644
--- a/test/x509_test.c
+++ b/test/x509_test.c
@@ -7,7 +7,14 @@
 * https://www.openssl.org/source/license.html
 */
 
+#define OPENSSL_SUPPRESS_DEPRECATED /* EVP_PKEY_get1/set1_RSA */
+
 #include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/pem.h>
+#include "crypto/x509.h" /* x509_st definition */
 #include "testutil.h"
 
 static EVP_PKEY *pubkey = NULL;
@@ -114,9 +121,73 @@ static int test_x509_crl_tbs_cache(void)
 return ret;
 }
 
+static int test_asn1_item_verify(void)
+{
+ int ret = 0;
+ BIO *bio = NULL;
+ X509 *x509 = NULL;
+ const char *certfile;
+ const ASN1_BIT_STRING *sig = NULL;
+ const X509_ALGOR *alg = NULL;
+ EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ RSA *rsa = NULL;
+#endif
+
+ if (!TEST_ptr(certfile = test_get_argument(0))
+ || !TEST_ptr(bio = BIO_new_file(certfile, "r"))
+ || !TEST_ptr(x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))
+ || !TEST_ptr(pkey = X509_get0_pubkey(x509)))
+ goto err;
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ /* Issue #24575 requires legacy key but the test is useful anyway */
+ if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)))
+ goto err;
+
+ if (!TEST_int_gt(EVP_PKEY_set1_RSA(pkey, rsa), 0))
+ goto err;
+#endif
+
+ X509_get0_signature(&sig, &alg, x509);
+
+ if (!TEST_int_gt(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),
+ (X509_ALGOR *)alg, (ASN1_BIT_STRING *)sig,
+ &x509->cert_info, pkey), 0))
+ goto err;
+
+ ERR_set_mark();
+ if (!TEST_int_lt(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),
+ (X509_ALGOR *)alg, (ASN1_BIT_STRING *)sig,
+ NULL, pkey), 0)) {
+ ERR_clear_last_mark();
+ goto err;
+ }
+ ERR_pop_to_mark();
+
+ ret = 1;
+
+ err:
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+ RSA_free(rsa);
+#endif
+ X509_free(x509);
+ BIO_free(bio);
+ return ret;
+}
+
+OPT_TEST_DECLARE_USAGE("<pss-self-signed-cert.pem>\n")
+
 int setup_tests(void)
 {
 const unsigned char *p;
+ int cnt;
+
+ cnt = test_get_argument_count();
+ if (cnt != 1) {
+ TEST_error("Must specify a certificate file self-signed with RSA-PSS.\n");
+ return 0;
+ }
 
 p = pubkeydata;
 pubkey = d2i_PUBKEY(NULL, &p, sizeof(pubkeydata));
@@ -138,6 +209,7 @@ int setup_tests(void)
 
 ADD_TEST(test_x509_tbs_cache);
 ADD_TEST(test_x509_crl_tbs_cache);
+ ADD_TEST(test_asn1_item_verify);
 return 1;
 }
 
|
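Review bot: test_asn1_item_verify() never checks that a non-matching signature is rejected: it asserts `> 0` for the certificate's own signature and `< 0` for a NULL data pointer, but a well-formed signature that does not match the data is not exercised. Adding a case that verifies a copy of `sig` with one bit flipped and expects a result `<= 0` would catch a regression in which the legacy-key path accepts a bad signature. The test looks aimed at the failure from issue #24575, so this is extra coverage rather than a correction to the existing assertions. The new function lies wholly inside the hunk, while setup_tests() continues past it.

```c
    ASN1_BIT_STRING *badsig = NULL;
    /* … unchanged: load cert, legacy-key swap, positive and NULL-data checks … */

    /* A copy of the signature with one bit flipped must not verify. */
    if (!TEST_ptr(badsig = ASN1_STRING_dup(sig))
            || !TEST_int_gt(ASN1_STRING_length(badsig), 0))
        goto err;
    badsig->data[0] ^= 0x01;
    ERR_set_mark();
    if (!TEST_int_le(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),
                                      (X509_ALGOR *)alg, badsig,
                                      &x509->cert_info, pkey), 0)) {
        ERR_clear_last_mark();
        goto err;
    }
    ERR_pop_to_mark();

    /* … unchanged: ret = 1, err: label and existing frees … */
    ASN1_BIT_STRING_free(badsig);
```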